Research Experience Qualification Publications

Pierre Parrend – Scientific activities
Pierre Parrend, PhD
Senior Research Scientist
239, Route de la Wantzenau
67000 Strasbourg
France
married
Telephone : +33 (0) 3 69 26 29 80, +33 (0) 3 69 23 29 80
E-mail : [email protected]/[email protected]
Web page : http://www.rzo.free.fr
Driving License
IEEE Computer Society and ACM Member, active with the OWASP
(Open Web Service Security Project) and ISSECO (International
Secure Software Engineering Council) Associations.
Scientific Activities
Last update: 07 March 2010
Research Experience
2008-2010: Senior Research Scientist, FZI Karlsruhe – Research Center for Information Technology at the
University Karlsruhe, Software Engineering Domain. Team of Prof. R. Reussner (SDQ Institute, Software
Design and Quality, KIT – Karlsruhe Institute of Technology).
2005-2008: PhD, INRIA Amazones Team, CITI Laboratory, INSA-Lyon.
Ph.D. Thesis Subject: Software Security Models for Service-Oriented Programming (SOP) Platforms (in English).
Ph.D. Advisors: Stéphane Frénot, Stéphane Ubéda.
Ph.D. Status: Government Grant at the CITI Laboratory + Teaching Assistant Position at the IUT Lumière
Lyon 2 (Statistics Department).
Thesis Jury:
Dr Cíaran Bryce, CUI, Université de Genève
Pr Didier Donsez, LIG, UJF, Grenoble
Dr Stéphane Frénot, CITI, INSA de Lyon
Dr Pierre-Etienne Moreau, INRIA Lorraine
Pr Ralf Reussner, SDQ-IDP, Technische Universität Karlsruhe
Pr Stéphane Ubéda, CITI, INSA de Lyon
Defense date: 9.12.2008
Reviewer (rapporteur)
Thesis advisor
Reviewer (rapporteur)
Thesis advisor
2004-2005: Master of Research, ICTT Laboratory, Ecole Centrale de Lyon. Subject: "TCAO (travail collaboratif assiste par ordinateur), MDE (Model Driven Engineering) et Ontologies : vers la generation automatique d'applications collaboratives". Supervisor: Bertrand David.
03.2004-06.2004: CITI Laboratory, INSA Lyon. Topic: formal validation for embedded systems.
Qualification
2009: Qualified by the French CNU (Commission nationale des Universités), section 27 (Computer Sciences), to apply for ‘Maître de conférences’ tenure positions. Qualification ID: 09227195758.
Publications
Book Chapter

Security for Java Platforms, Pierre Parrend, Chapter in 'Java Software', Nova Publishers, New York,
2009, 29 pages.
International Journals

Security Benchmarks of OSGi Platforms: Toward Hardened OSGi, Pierre Parrend, Stephane Frénot,
Software, Practice and Experience. Accepted for publication (September 2008; Impact Factor: 2003,
0,57, 2002: 0,65).
National Journals

Vérification automatique pour l’exécution sécurisée de composants Java, Pierre Parrend, Stephane
Frenot, Revue l'Objet, numéro special 'Composants, services et Aspects: techniques et outils pour la
vérification'.
International Conferences

I-JVM: a Java Virtual Machine for Component Isolation in OSGi, Nicolas Geoffray, Gael Thomas, Gilles Muller, Pierre Parrend, Stephane Frenot and Bertil Folliot, 39th IEEE/IFIP Conference on
Dependable Systems and Networks (DSN), Lisbon, Portugal, 2009.

Enhancing Automated Detection of Vulnerabilities in Java Components, Pierre Parrend, Fourth
International Conference on Availability, Reliability and Security (AReS 2009), 2009 (8 pages IEEE
CS; acceptance rate: 25%).
Classification of Component Vulnerabilities in Java Service Oriented Programming (SOP) Platforms,
Parrend, Stéphane Frenot, Conference on Component-based Software Engineering, Karlsruhe,
Germany, 14-17 October 2008 (Impact Factor: 2007, 0.04; 2006, 0.06; 2005, 0,14; Acceptance Rate:
30%), 18 pages LNCS.
Component-based Access Control: Secure Software Composition through Static Analysis, Pierre
Parrend, Stéphane Frenot, Software Composition, Budapest, Hungary, 29-30 March 2008
(Acceptance Rate: 21%), 18 pages LNCS.
Monitoring Scheduling for Home Gateways, Stephane Frenot and Yvan Royon and Pierre Parrend
and Denis Beras, NOMS 2008, Salvador de Bahia, Brazil, 7-11 April 2008, 6 pages IEEE.
Identity-Based Cryptosystems in the OSGi Service Platform, Samuel Galice, Pierre Parrend,
Stéphane Frenot, Stephane Ubeda, International Conference on Emerging Security Information,
Systems and Technologies, IARIA SecurWare 2007, Valencia, Spain, October 2007 (acceptance
rate: 28%), 8 pages IEEE CS.
A Security Analysis for Home Gateway Architectures, Pierre Parrend and Stephane Frenot,
International Conference on Cryptography, Coding & Information Security, CCIS 2006, November
24-26 2006, Venice, Italy, 6 pages IEEE CS.
Use of Ontologies as a Way to Automate MDE Processes, Pierre Parrend, Bertrand David,
Proceedings of IEEE EuroCon Conference, 21-24 November 2005, Belgrade, Serbia, 4 pages IEEE.






National Conferences

N. Geoffray, G. Thomas, G. Muller, P. Parrend, S. Frénot, and B. Folliot. I-JVM: une machine virtuelle
Java pour l'isolation de composants dans OSGi. In Conférence Française sur les Systèmes
d'Exploitation, Toulouse, France, September 2009.
Industrial Conferences

Multi-service, Multi-protocol Management for Residential Gateways Home Network Management, Y.
Royon, P. Parrend, S. Frénot, S. Papastefanos, H. Abdelnur, D. Van de Poel, S. Frenot, BB Europe,
Antwerp, December 3-6, 2007, 4 pages IEEE CS.
International Workshops

Privacy-Aware Service Integration, Pierre Parrend, Stephane Frenot, Sebastian Hoehn, Services
Integration in Pervasive Environments, Istanbul, Turkey, July 2007 (acceptance rate: 47%), 6 pages
IEEE CS.

Supporting the Secure Deployment of OSGi Bundles, Pierre Parrend, Stephane Frenot, First IEEE
WoWMoM Workshop on Adaptive and DependAble Mission- and bUsiness-critical mobile Systems,
Helsinki, Finland, 18 June 2007 (acceptance rate: 44%), 6 pages IEEE CS.
Service-Oriented Distributed Communities in Residential Environments, Pierre Parrend, Yvan Royon
and Noha Ibrahim, 1st IEEE International Workshop on Services Integration in Pervasive
Environments June 29, 2006, Lyon, France (acceptance rate: 70%), 6 pages IEEE CS.

Poster

Dependability for Component Systems Deployment, Pierre Parrend, Stéphane Frénot, Poster, first
EuroSys Conference 2006, Leuven, Belgium, April 18-21 2006.
Technical Reports






I-JVM: a Java Virtual Machine for Component Isolation in OSGi, Nicolas Geoffray, Gael Thomas,
Gilles Muller, Pierre Parrend, Stephane Frenot and Bertil Folliot, INRIA Research Report n°6801,
January 2009, 24 pages (also published in DSN’2009).
More Vulnerabilities in the Java/OSGi Platform: a Focus on Bundle Interactions, Pierre Parrend,
Stephane Frenot, INRIA Research Report n°6649, September 2008, 81 pages.
Java Components Vulnerabilities - An Experimental Classification Targeted at the OSGi Platform,
Pierre Parrend, Stéphane Frenot, INRIA Research Report n° 6231, June 2007, 90 pages.
Deliverable DB3.4 - Specification of Residential Gateway configuration, Edited by Olivier Festor, Sam
D'Haesseler, 23/03/2006, IST Project n°026442 Muse.
Parrend, P. & Frenot, S., Secure Component Deployment in the OSGi(tm) Release 4 Platform, INRIA
Technical Report n°0323, June 2006, 49 pages.
Comparison and temporal validation of automotive real-time architectures, K. Godary, P. Parrend,
and I. Augé-Blum, Technical report, CITI, INSA de Lyon, 2004.
PhD Thesis

Software Security Models for Service-Oriented Programming (SOP) Platforms, Pierre Parrend, PhD
Thesis, INSA de Lyon. 2008/12/09.
Master Theses


MDE et CSCW Groupware Travail Coopératif capillaire, Pierre Parrend, Master of Research Thesis,
ICTT Laboratory, Ecole Centrale de Lyon, June 2005. Under direction of Bertrand David.
Validation temporelle d'architectures embarquées pour l'automobile, P. Parrend and I. Augé-Blum,
Professional Master Thesis, CITI Lab, INSA de Lyon, July 2004.
Edited Documents

Software-Industrialisierung, Editors: Franz Brosch, Henning Groenda, Lucia Kapova, Klaus Krogmann, Michael Kuperberg, Anne Martens, Pierre Parrend, Ralf Reussner, Johannes Stammel,
Authors: Emre Taspolatoglu, Anton Truong, Christian Baumgart, Tom Beyer, Philipp Meier, Internal
Report 2009-4 of the Faculty for Computer Sciences, University of Karlsruhe, ISSN 1432-7864.
Invited Talks
20.11.2009: Challenges for Secure Clouds, Trendkongress NetEconomy Karlsruhe, Germany.
27.10.2009: Security in OSGi Applications : Robust OSGi Platforms, secure Bundles, OSGi User
Group Germany, Ludwigsburg.
16.10.2009: OSGi Security, OSGi User Group France, Grenoble.
23.06.2009: Harden Your Java Components (long version), Entwicklertag (Developer Day) 2009,
Karlsruhe, Germany (with selection).
6.03.2009: A software engineering approach for building secure Java/OSGi platforms, GI (German
Informatic Society) Fomsess (Formal Methods and Software Engineering for Safety and
Security) annual meeting, Karlsruhe, Germany.
23.02.2009: Harden your Java Components, OWASP Day 3 – Industry-research day, Bari, Italy (with
selection).
15.10.2008: Security risks and solutions for OSGi-based environments, Seminar at Bell Labs,
Alcatel-Lucent, Antwerpen, Belgium.
14.05.2008: Security for the Java/OSGi Extensible Component Platform, Seminar at SAP Research
Karlsruhe.
29.10.2007: A Dependability Framework for building secure Dynamic Component Systems, Seminar
at the Institute for Software Design and Quality(SDQ), TU Karlsruhe.
24.07.2007: Dependability for Java Mobile Code - a Pragmatic Research View, Swiss OWASP
Group meeting.
19.06.2006: OSGi Release 4 Security Layer: Signature de Bundles (French), OSGi User Group
France meeting.
Technical Documentations
2010 :
2009 :
2007 :
2006 :
2005 :
Chapter ‘Malicious Code Search’ of the ‘Development Guide’ of the OWASP (Open Web
Application Security Project).
Chapters ‘Methodologies’ and ‘Deployment’ of the training Syllabus for the ISSECO
(International Secure Software Engineering Council) Certification ‘Certified Professional
for Secure Software Engineering’.
Member of the review team for the OWASP ASVS (Application Security Verification
Standard).
OSGi Security Documentation Center: http://sfelix.gforge.inria.fr/osgi-security/
OWASP Java Project: Bytecode Obfuscation, Signing Jar File with Jarsigner, Protecting
Code Archive with Digital Signature (see
https://www.owasp.org/index.php/Category:OWASP_Java_Project ).
OPS4J Project: 'A quick start with OSGi Logging, the OPS4J library' (see
http://wiki.ops4j.org/confluence/display/ops4j/How+to+use+Pax+Logging ).
Original version of the 2007 articles.
Introduction to MDA: Principles, and Practical Introduction (see
http://www.sciences.univ-nantes.fr/lina/atl/bibliography/Parrend_05 and
http://pparrend.developpez.com/ ).
Teaching
For course material, please see: http://www.rzo.free.fr/teaching.php.
Participation in logistics for courses by the SDQ (Software Design and Quality) Institute
of the University Karlsruhe (Development with Eclipse, Software Industrialization).
Reviewer in the course ‘PI – Projets Industriels’ (Industrial Projects), Telecom
Department, INSA Lyon.
09-2007: In charge of a practical session at the 2007 summer school of the French OSGi User
Group (6 hours).
2005-2008 : 3 year teaching contract ('Moniteur') as part time teacher in Computer Engineering at
University of Lyon 2. In charge of a Database Course for 3d year students; Academic
Tutor for 1st year student internships (2), 3d year student internship (1); participation in
following courses: web development, Java language, PhP, Access (196 hours).
2004-2005 : Teacher at Lyon Sciences-U school, 3d and 4th year of study. In charge of following
courses: Java Language, Telecommunications, Software Engineering (107 hours).
Occasional participation in ‘Operating Systems’ course at the Telecommunication
department of the INSA Lyon.
09.2004 : Training course in Office Automation for first College year students, University of Lyon 2
(92 hours).
2000 : Math tutorial for first year Mechanical Engineering students, Technical University
Karlsruhe, Germany (24 hours).
2008-2009:
Students
2008-2010 : Francois Goichon
Master of Science, INSA-Lyon. Data flow analysis for secure object
oriented components. Together with Stéphane Frénot (INSA-Lyon).
Christina Pildner
Master in Computer Science, University Karlsruhe. Theme: ‘Model-based analysis of vulnerabilities in object oriented modules’.
Yun Lin
Master in Computer Science, University Karlsruhe. Theme:
‘Performance analysis for automotive architecture models’. Together
with Nico Adler and Philipp Graf (FZI).
Student developers at FZI.
2008-2010 : Erik Lübke;
Volodymyr Borovik.
02/07-2008 : Stéphane Chevalier, End-of-Study Internship (CPE Engineer School), together with Stéphane
Frénot. Theme: Logging of component communications in the OSGi
Platform.
Participation in Research Projects
In charge of the coordination of the QAKAOS project proposal for the German program
‘KMU-Innovativ’ with SMEs: Eclipse Source, andrena object Karlsruhe.
In charge of the coordination of the WIRTUE STREP proposal for the FP7-ICT-2009-5.
2009:
FZI representative in the CBS IP proposal.
Representative of the FZI for the CBS project (FP7-ICT-2009-5., objective 1.4
‘trustworthy systems’).
Participation in the redaction of the Moon ANR Project proposal.
2008:
2008: Participation in the LISE ANR Project (Liability Issues in Software Engineering). Meeting
in Grenoble (27-28.02.2008), Organization of the Meeting in Lyon (July 2008).
2005-2008 : Participation in the Muse IST Project n°026442 (Advanced ADSL Gateways). Meetings
in Den Haag (Netherland), 04.2006, Bilbao (Spain), 10.2006. Integration of the SFelix
Code in Alcatel Demonstrator.
2010:
Industrial Projects
2009:
2008 - 2010 :
Participation in the definition of the Syllabus of the ISSECO association for professional
training in secure software engineering: chapters ‘Methodologies’ and ‘Secure
Deployment’.
Project Manager of the FAST (FZI Assessment Tools) internal Project in the FZI Karlsruhe.
Goal: valorization of research tools. Team size: 10 persons, part-time.
Development
Development Projects with research scope (Available on INRIA SourceForge):

Stanja: Eclipse plug-in for identification of security flaws in object-oriented components (together with
Christina Pildner).

SFelix: secure version of the Felix Platform (http://sfelix.gforge.inria.fr/)

SF-JarSigner: Signature and Deployment of OSGi bundles (http://sf-jarsigner.gforge.inria.fr/)
Malicious Suite: Malicious Components that exploit OSGi vulnerabilities
Organization
02.2010:
Organization of the ‘FZI-im-Dialog’ seminar and networking event. Target audience: 100
IT managers and experts from Karlsruhe and the region.
07.2009:
Organization of the Eclipse Application Developer Day (EADD) Karlsruhe 2009.
07.2008:
Organization of a meeting of the French ANR Lise (Liability Issues in Software
Engineering) Project, Lyon.
Committee membership and scientific reviews
2010:
2009 :
2008 :
2007 :
2006 :
Part of the Program Committee for the SPCC Workshop (Security and Privacy in Cloud
Computing). Brussels, Belgium, January 29, 2010.
Part of the Program Committee for the SecSE (Secure Software Engineering)
Workshop. To be held with the ARES Conference.
Part of the Program Committee for the Septis (Security and Privacy in Telecommunications and Information Systems) Workshop at the IEEE SITIS Conference.
Part of the Program Committee for SAR-SSI (Conférence sur la Sécurité des
Architectures Réseaux et des Systèmes d'Information) 2009.
Part of the Program Committee for SIPE’2009 (Integration in Pervasive Environments).
Part of the Program Committee of IARIA ICIMP (International Conference on Internet
Monitoring and Protection) and Securware (International Conference on
Emerging Security Information, Systems and Technologies) 2009.
Member of the Reviewer Team of IEEE Potentials (Total of 20 + papers).
Member of the Technical Program Committee of the IARIA conferences Securware; Co-reviewer with Stéphane Frénot for the WOSA Workshop, SERA Workshop, Notere and
DSOM Conference.
Review for the OWASP (Open Web Application Security Project) Summer of Code 2008
for 2 projects: Application Security Verification Standard, OpenSign (Online code signing
and integrity verification service) Server.
Part of the Shadow PC for the CoNext 2008 Conference, Madrid, Spain.
Member of the Reviewer Team of IEEE Potentials.
Member of the Technical Program Committee of the IARIA conferences ICGD&BC (First
International Conference on Global Defense and Business Continuity) and
SECURWARE (International Conference on Emerging Security Information, Systems
and Technologies).
MIT Press Book 'At your Service', Review of the achievements of the European FP6
Research Framework in Service Oriented Architecture.
NOTERE Conference (New Technologies for Distributed Systems), 2 papers read as co-reviewer.
IST Muse Project, Chapter 9, Milestone 3, Task Force 3.
IST Muse Project, 'AAA in the Muse Infrastructure' end-of-project deliverable, Task
Force 1.
Member of the Reviewer Team of IEEE Potentials.
NOTERE Conference (New Technologies for Distributed Systems), 2 papers read as co-reviewer with S. Frénot.
Misc. Training
Management: Keys2Competence Seminar series and coaching: ‘Management for young scientifics’,
Karlsruhe Institute for Technology (KIT), 10.2009-05.2010.
Scientific Training : ICAR (Integration et Construction d'Applications Réparties) Summer School 2006,
Autrans, August 2006, France; Lugano Summer School on Dependable Systems, July
2006, Switzerland.
Innovation : Building an innovative Firm (2007, Créalys, Lyon), Legal Software Protection (2007,
Insavalor, Lyon), IEEE Seminar 'Leadership and Management', France (in English),
10.2004, Le Mans, France.
Teaching : Evaluation in the teaching process, Handling risky behaviors (CIES Lyon, 2007),
Building an online course, Training Trainers (CIES Lyon, 2006), The 'IUT en Ligne'
Platform (Nimes).